Communication Can Take the Bite Out of Phishing

By Cameron Sturdevant  |  Posted 2004-02-02
For companies trying to get their message to business partners, customers and prospects, simply complying with CAN-SPAM legislation may not be enough. The reason: Many spammers are going phishing.

Phishing, the latest spam trend, occurs when e-mail masquerading as a message from a real company directs recipients to a false Web page that looks identical to the real company's Web site. Phishing is a significant step in the transition of spam from nuisance and productivity speed bump to a potentially huge fraud problem.

Phishing messages have already targeted PayPal, an eBay Inc. company; Citigroup Inc.; and FleetBoston Financial Corp., among many others. Finding these messages and stopping them cold is the bread and butter of e-mail spam filters, but any company with a popular brand that uses credit card or financial account information is a potential victim of this kind of identity theft.

eWEEK Labs believes IT managers should take a hint from this new technique and get closer to the marketing department with advice on improving reliable communication with current customers and potential customers. For example, PayPal, Citibank and Fleet have posted messages on their Web sites that outline how these companies communicate with customers. The sites also discuss ways real PayPal or Citibank representatives contact customers to check on account status.

Educating customers and partners about company practices is an important weapon against phishing, but, as with spam in general, we'll be seeing a lot more of these bogus messages before long. The reason is simple: The costs associated with spam are minuscule compared with the payoffs. "The Real Answer to the Spam Problem," a brief published last month by Forrester Research Inc., of Cambridge, Mass., argues that if spammers incurred costs of even $0.0025 cents per unsolicited message sent, most would go out of business.

Although we take issue with the Forrester paper's conclusion that everyone should be charged a nominal fee to send e-mail, we agree that the current nature of e-mail means the financial incentive to spoof e-mail from companies such as Citibank is too tempting to be quashed with legislation alone.

2004 is very likely going to be the year when the convergence of spammers and virus writers makes beefing up basic e-mail protocols more important than ever. But don't count on speedy resolution of e-mail protocol security issues, as eWEEK Labs Technical Analyst Michael Caton warns in his Tech Analysis.
